This invention relates to securing data from misappropriation and unauthorised change, as well as ensuring the integrity of data that is prepared and communicated within and outside a data processing device or network, whether the network is trusted or not.
In the context of information technology, IT security equates to confidentiality, integrity and availability, and every IT product and network has its own level of security. To achieve and maintain a particular level of security, the product or every element of a network will involve the implementation of one or more security functions, for example, control of access to the product or network, both physically and in the data sense, transaction auditing, and detection of and recovery from breaches of the security which is in place.
However, even if a particular level of security exists, there must also be a commensurate assurance in these security functions, i.e. confidence in the correctness of the security functions (development and operation functions) and confidence in the effectiveness of the security functions.
There exist a number of IT security evaluation criteria which address these security function issues, for example the Trusted Computer Systems Evaluation Criteria (TCSEC) “Orange Book” used by the US Department of Defence, the UK CESG3, the German ZSiEc as well as the Joint European Information Technology Security Evaluation Criteria (ITSEC).
To provide a realistic requirement for applying any form of security evaluation criteria there should also exist a realistic description of the operational requirements and the security threats that are to be countered (real world and assumed). These considerations, along with the overall security objectives and well known security mechanisms, become the security evaluation target of the IT security product or system that will be suitable for use in a security environment.
It is an aspect of this invention to provide an IT product which equals or exceeds the ITSEC security evaluation criteria level E6 which will allow the product to be used in a wide variety of security environments.
One such security target relates to the aim of providing an IT product which will allow the interconnection of networks with differing classification levels. For example, there is a defence requirement for top secret compartmented networks to be interconnected with secret networks (FIG. 1) so that appropriately classified data (e.g. unclassified to secret) may flow from the top secret network to the secret network while maintaining a bar to the flow of top secret data from the top secret network to the secret network. There must be a high level of assurance that both the hardware and software will not compromise data held in the top secret network by passing inappropriate data items to the secret network which includes the possibility of malicious logic (e.g. trojan horses) or security flaws in computer hardware or software in the top secret network which may be used to leak data to the secret network.
One way of achieving the necessary assurance for the aforementioned target is to ensure that all computing equipment, hardware and software, is evaluated to an appropriate ITSEC level, in this case at least E6.
Due to the stringent nature of the evaluation criteria at E6 level, it is unlikely that a product of similar utility to that of, for example, a general purpose workstation which is classified as an untrusted device by all security evaluation criteria, could be made available. However, with the ever increasing complexity of the message content and level of communications between workers involved with classified material it is desirable that such equipment be available. Ideally, a product such as a workstation would meet the requirements of level E6 and still remain functionally similar to an untrusted workstation.
As well as complex data there is often the need to prepare for transmission data which is seemingly of a simple nature, but for which the highest level of integrity is required. An example of a message which must have high integrity is of the nature of an order from a commander to “launch a missile at target 23511”. The message must be verifiable as to its source and must have the highest level of integrity in respect of the content of the message.
Ideally there must exist a secure means of controlling the transfer of messages input to a display, so that only the message displayed, which must be visually verified by the sender, will be transmitted, thereby ensuring the integrity of its content. This then leaves the user to be responsible for taking appropriate steps to verify themselves as a legitimate source of the message.
Thus it is a desirable aspect of security related devices, when used with a non E6 level compliant device (which for the purposes of this discussion is considered as untrusted), for example a workstation, to have provided a trusted path between the message input, the display, the human verifier, and the message output of the device. A trusted path for high integrity information is then created using elements of a previously untrusted device and its normal functions for their preparation.
However, having prepared a high integrity message, there still exist many security threats, in relation to message interception and unauthorised interpretation. To counter these threats, apart from well known physical security measures, there exist a number of security functions which can be applied to the message itself, to remove or reduce these threats.
The most common and typically most easily applied is the use of an encryption algorithm, having a predetermined key. When the encrypted message is received at its destination, a decryption algorithm is applied using the same predetermined key to extract the original message.
There are many encryption and decryption algorithms, however, only the “one time pad” key system has an unquestionable assurance of confidence and effectiveness against unauthorised decryption. A “one time pad” system uses a random key for each matching data item sent.
Currently, this approach is only used in very limited circumstances and is impractical for widespread use, due to the unmanageable nature of the large number of keys that would be used and the difficulty of coordinating the use of the same random key at each end of the information exchange.
Thus it is a further desirable aspect of the invention to provide a data encryption device which uses the preferable “one time pad” encryption system, but which overcomes the mass storage, coordination, and distribution problems of the typical implementation of this type of scheme while still meeting a security evaluation criteria level of E6 or greater.
Thus the combined use of data integrity and encryption elements would provide a message having a high integrity with regards to its content and unquestionable assurance that the message has not been decrypted.
The invention thus may comprise two devices, an encryption device and a trusted path device. An encryption device for encryption of input data may comprise a mass storage device adapted to store a plurality of random keys for use in the encryption process as required.
A trusted path device may be incorporated or retrofitted to standard data processing devices. The device will provide an assurance that various security critical functions carried out by a user cannot be bypassed or tampered with by the hardware or software of the untrusted device which could otherwise compromise the function of the data processing device to which the trusted path device is attached.
In a broad aspect, the invention is
a trusted path device for controlling the transfer of received data between an untrusted data input means, an untrusted visual display means adapted to display signals from an external source and a data output means, comprising,
a trusted visual display interface control means for transferring said received data from said untrusted data input means to said untrusted visual display means and controlling said display to display said received data on said untrusted display,
an untrusted verifier means having at least one user operable input signal actuator whereby a first signal output from said verifier means occurs upon actuation of a trusted first one of said actuators representative of a visual verification by the user that the data displayed on said untrusted visual display means, is received data, and
a trusted control means adapted for receiving verifier means output and upon receiving said first signal output transferring said received data to said data output means.
In a further broad aspect of the invention a trusted encryption device comprises
a trusted control means,
a trusted data input means for accepting received data comprising a data portion and a uniquely associated data string comprising a serial identifier,
an untrusted mass storage means for retrievably storing a plurality of data items, said items comprising at least one encryption key part which is uniquely associated with a data string comprising a serial identifier,
a trusted data string verifier means having at least two registers, a first register containing a current serial identifier and a second register containing a serial identifier bound, wherein
said control means adapted to determine whether said serial identifier in said received data is within the range determined by said current serial identifier and said serial identifier bound, in which event said control means (i) stores in said first register a current serial identifier calculated by incrementing said serial identifier in said received data a predetermined series increment towards said serial bound identifier, (ii) retrieves from said untrusted mass storage means a key part uniquely associated with said serial identifier in said received data, encrypting said data portion of said received data according to a predetermined encryption algorithm with said key part, and (iii) outputs an encrypted data portion having a uniquely associated said serial identifier.
In a further broad aspect of the invention a method of encrypting data comprises the steps of
a) storing a plurality of data items each comprising at least one encryption key, each of said keys being uniquely associated with a data string comprising a serial identifier in an untrusted mass storage device,
b) storing a serial identifier bound in the first register of the trusted serial number verifier means,
c) storing a current serial identifier in a second register of said trusted serial number verifier means,
d) providing data input to a trusted control means comprising a data portion to be encrypted and a uniquely associated serial identifier,
e) comparing in said trusted control means said serial identifier portion of said data input to said serial identifier to determine whether they are equal and whether said serial number portion is greater than or equal to said serial identifier bound,
f) obtaining from said untrusted mass storage device a data item having an encryption key uniquely associated with said current serial identifier,
g) adjusting said serial identifier in said received data a predetermined series increment towards said serial identifier bound,
h) encrypting in said trusted control means said data portion of said data input uniquely associated with said current serial identifier, with a predetermined encryption algorithm using said random encryption key, and
i) said trusted control means providing a data output comprising an encrypted data portion associated with said serial identifier.
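The serial-identifier check in the encryption device can be modelled in software to show how it prevents a key part from being used twice. The following is an added illustration, not code from the patent: it follows the register layout of the device aspect (first register current, second register bound) and assumes an ascending series with increment 1, XOR as the predetermined encryption algorithm, a Python dictionary standing in for the untrusted mass storage, and a receiver holding the same key parts; all class and function names are hypothetical.

```python
import secrets


class SerialWindowError(Exception):
    """Raised when a serial identifier is outside the permitted window."""


class TrustedEncryptor:
    """Model of the trusted control means and its two-register verifier."""

    def __init__(self, key_store, current, bound, increment=1):
        self.key_store = key_store   # untrusted mass storage: serial -> key part
        self.current = current       # first register: current serial identifier
        self.bound = bound           # second register: serial identifier bound
        self.increment = increment   # predetermined series increment (assumed 1)

    def encrypt(self, serial, data):
        # Accept only serials between the current identifier and the bound.
        if not (self.current <= serial <= self.bound):
            raise SerialWindowError(
                f"serial {serial} outside [{self.current}, {self.bound}]")
        key = self.key_store.get(serial)
        if key is None or len(key) < len(data):
            raise KeyError(f"no usable key part for serial {serial}")
        # (i) move the current register past this serial: its key is now spent
        self.current = serial + self.increment
        # (ii) encrypt the data portion with the key part (XOR is an assumption)
        ciphertext = bytes(d ^ k for d, k in zip(data, key))
        # (iii) output the encrypted portion with its serial identifier
        return serial, ciphertext


def decrypt(key_store, serial, ciphertext):
    """Receiver side (assumed): the serial identifier selects the key part."""
    key = key_store[serial]
    return bytes(c ^ k for c, k in zip(ciphertext, key))


def demo():
    # Constructed sample pad: eight random 32-byte key parts, serials 100..107.
    store = {s: secrets.token_bytes(32) for s in range(100, 108)}
    dev = TrustedEncryptor(store, current=100, bound=107)
    serial, ct = dev.encrypt(102, b"sample message")   # serials 100, 101 skipped
    try:
        dev.encrypt(102, b"second message")            # same serial presented again
        reused = True
    except SerialWindowError:
        reused = False
    return decrypt(store, serial, ct), dev.current, reused
```

Because the current register only ever moves towards the bound, any serial at or below one already used falls outside the window, so skipped serials are also retired rather than left available for later use.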